RHBA-2014:1435 - Bug Fix Advisory

Topic

Updated spice-server packages that fix several bugs are now available for Red
Hat Enterprise Linux 6.

Description

The Simple Protocol for Independent Computing Environments (SPICE) is a remote
display protocol for virtual environments. SPICE users can access a virtualized
desktop or server from the local system or any system with network access to the
server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests
running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat
Enterprise Virtualization Hypervisors.

This update fixes the following bugs:

• Previously, the SPICE server assumed that the SPICE client was connected until

it became disconnected. However, when the client became unresponsive, or did not
disconnect explicitly, the server kept trying to communicate with it.
Consequently, queues, such as a driver commands ring, filled up, and the guest
display driver hung. With this update, the SPICE server monitors if the client
is responsive and disconnect if it is not. (BZ#994175)

• Previously, pending data from the client were cleaned inappropriately. As a

consequence, QEMU could terminate unexpectedly when a VM was rebooting while
being migrated. This update ensures that the pending client data are cleaned
appropriately, and QEMU crashes no longer occur. (BZ#1004443)

• Prior to this update, the SPICE server used exclusively Transport Layer

Security (TLS) version 1.0 for encrypted connections no matter what version(s)
the client advertised. Consequently, the SPICE client could not use newer
versions of TLS. To fix this bug, the SPICE server code has been changed to
allow for TLS 1.0 and above, and clients can now connect using TLS version 1.0
or newer. (BZ#1035695)

• Due to an integer overflow on a 32 bit timer value, infinite loop in the SPICE

server on long running VMs longer than 46 days caused SPICE sessions to become
unresponsive. Where appropriate, 64 bit timer values are now used, and SPICE
sessions no longer crash. (BZ#1072700)

• Due to invalid assertion in the video streaming code, the SPICE hypervisor

could terminate unexpectedly when the assert was triggered. The following error
message was returned in the log file:

qemu sometimes crashes in spice-server with
"rate_control->num_recent_enc_frames" assertion

The invalid assertion has been fixed, and the hypervisor no longer crashes.
(BZ#1086820)

Users of spice-server are advised to upgrade to these updated packages, which
fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64

Fixes

• BZ - 962187 - vm down because of client reset. assert error
• BZ - 994175 - spice server doesn't recognize client disconnection when client disconnects ungracefully
• BZ - 1004443 - Qemu crash during migration with reboot
• BZ - 1035695 - spice-server: Use TLS 1.0 or better
• BZ - 1038670 - spice-server spec-file: fix some dates mismatch in the changelog
• BZ - 1072700 - _spice_timer_set truncates large "now" values
• BZ - 1086820 - qemu sometimes crashes in spice-server with "rate_control->num_recent_enc_frames" assertion
• BZ - 1127342 - Qemu instance received segfault after multiple resolution change

CVEs

(none)

References

(none)